Latest commentary, news and discoveries from Blue Frost Security.

CVE-2023-2008 - Analyzing and exploiting a bug in the udmabuf driver

In this post we describe a bug we found in the udmabuf driver a while back, and how we exploited it to achieve root access in affected systems.

Revisiting CVE-2017-11176

In this post we are deviating a bit from the typical format of posts on our blog and try to provide some introductory material into Android/Linux kernel exploitation.

BFS Ekoparty 2022 Exploitation Challenges

Show us your skills, to get a free invite to the BFS VIP dinner/party as well as an opportunity to join our team!

Windows Segment Heap: Attacking the VS Allocator

Abusing the Windows segment heap metadata to turn a heap overflow into an overlapping chunk allocation

BFS Hiring Challenge

Show us your skills, and get an opportunity to join BFS!

Meltdown Reloaded: Breaking Windows KASLR by Leaking KVA Shadow Mappings

This blogpost explains how Meltdown can still be used to leak some specific kernel data and break Windows KASLR in the latest Windows versions, including "Windows 10" 20H1, despite the KVA Shadow mechanism introduced to mitigate Meltdown.

Exploiting CVE-2020-0041 - Part 2: Escalating to root

Exploiting the kernel with CVE-2020-0041 to achieve root privileges

Exploiting CVE-2020-0041 - Part 1: Escaping the Chrome Sandbox

Description of CVE-2020-0041 we reported to Google in December 2019, and the exploit for escaping the Google Chrome sandbox we wrote using this bug.

CVE-2019-1215 Analysis of a Use After Free in ws2ifsl

Root cause analysis and exploit for a Windows kernel ws2ifsl.sys use-after-free vulnerability.

BFS Ekoparty 2019 Exploitation Challenge - Override Banking Restrictions to get US Dollars

Show us your skills, get invites to the BFS-IOACTIVE party and an opportunity to join BFS!

Escaping the Chrome Sandbox via an IndexedDB Race Condition

Exploitation of a race condition in the IndexedDB implementation of Chrome, demonstrating a full sandbox escape.

TEE Exploitation on Samsung Exynos devices (I/IV) : Introduction

Part 1 of a series of posts on exploiting Trusted Applications on the Samsung Galaxy S9 TEE.

Don't Follow The Masses: Bug Hunting in JavaScript Engines

Analysis of CVE-2019-5790 and how the search for unexplored attack surface in V8 led to its discovery.

BFS Ekoparty 2018 Exploitation Challenge: Stop the Capital Flight

Win entry tickets to Ekoparty as well as an invitation to the official speaker dinner by stopping capital flight and solving the Argentinean currency crisis!

BFS Ekoparty Exploitation Challenge

Win entrance tickets to Ekoparty in Argentina by hacking the unbreakable voting machine.

Windows 10 HAL’s Heap – Extinction of the "HalpInterruptController" Table Exploitation Technique

Another kernel exploitation technique killed in Windows 10 Creators Update

Understanding Emergency Windows Update MS14-068

This post explains the functionality of the critical vulnerability CVE-2014-6324 found in the Windows implementation of the Kerberos authentication protocol.